we explore how a UTM system can help reduce security incidents. In part two, we discuss more considerations to keep in mind to ensure you find the best UTM for your enterprise needs.

UTM products, even those that don't offer all the typical security capabilities, are very effective at stopping many of today's attacks; this translates into a reduction in damage and related costs to the organization. For many organizations, particularly smaller organizations that lack security expertise and manpower, UTM can make a significant difference in how effectively attacks can be detected and stopped, or at least mitigated. For larger organizations, UTM may not provide as dramatic a difference in security, but there can still be major improvements in convenience and cost as a result of a UTM deployment.

The business benefits of using UTM appliances fall into four major categories: reducing the number of security incidents; improving the rollout of new security capabilities; reducing infrastructure, software and labor costs; and minimizing latency.

UTM benefit No. 1: Reduce security incidents

Using a single integrated product instead of several disparate products tends to improve the effectiveness and efficiency of attack detection and prevention capabilities. In turn, this reduces the number of data breaches and other incidents that occur in an organization. When separate products are used, the analysis required to detect attacks must be repeated by each product; with an integrated UTM product, in contrast, analysis is done once. For instance, if you want to check Web requests and responses for malicious activity, you must parse the applicable Web protocols, then examine the content packaged within these protocols. With a single product, this parsing occurs only once, and the content is also examined more efficiently than when several products each independently perform their own check.

If a product is truly integrated -- if its detection and prevention capabilities all work together, sharing information and results -- then the single product is capable of detecting and stopping attacks that individual component products could not detect because they lack that level of cooperation. This is particularly true for previously unknown attacks (those that cannot be detected through signature-based methods). If such an attack is attempted, it might be noticed as suspicious independently by multiple detection capabilities. Noticed independently, none of these levels of suspicion would be great enough to declare definitively that an attack is occurring, but when multiple components are suspicious of an activity and correlate those suspicions, the overall decision can be to treat the activity as an attack.
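The correlation described above, as an added example that is not from the article or from any UTM product: each engine reports a suspicion score per flow, and the integrated decision combines them. The engine names, scores, the 0.85 block threshold and the noisy-OR combining rule are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample verdicts: (flow, engine, suspicion score in [0, 1]).
FLOW_A = "10.0.0.5->203.0.113.7:80"
FLOW_B = "10.0.0.9->198.51.100.4:443"
FLOW_C = "10.0.0.12->192.0.2.10:25"
VERDICTS = [
    (FLOW_A, "ips", 0.55),          # three different engines, each only
    (FLOW_A, "web_filter", 0.60),   # mildly suspicious of the same flow
    (FLOW_A, "antimalware", 0.50),
    (FLOW_B, "ips", 0.55),          # one engine repeating itself three times
    (FLOW_B, "ips", 0.55),
    (FLOW_B, "ips", 0.55),
    (FLOW_C, "antispam", 0.20),
    (FLOW_C, "antimalware", 0.10),
]
BLOCK_THRESHOLD = 0.85  # assumed confidence needed to treat a flow as an attack


def standalone_decisions(verdicts, threshold=BLOCK_THRESHOLD):
    """Separate products: a flow is blocked only if one engine alone is sure."""
    return {flow for flow, _engine, score in verdicts if score >= threshold}


def correlated_decisions(verdicts, threshold=BLOCK_THRESHOLD):
    """Integrated product: combine per-flow scores from distinct engines.

    Noisy-OR, 1 - prod(1 - s_i), treats engines as independent witnesses.
    Repeated verdicts from the same engine are collapsed to their maximum,
    so one noisy engine cannot corroborate itself.
    """
    per_flow = defaultdict(dict)
    for flow, engine, score in verdicts:
        per_flow[flow][engine] = max(score, per_flow[flow].get(engine, 0.0))
    scores = {}
    for flow, engines in per_flow.items():
        miss = 1.0
        for score in engines.values():
            miss *= 1.0 - score
        scores[flow] = round(1.0 - miss, 3)
    blocked = {flow for flow, s in scores.items() if s >= threshold}
    return scores, blocked


if __name__ == "__main__":
    print("standalone:", standalone_decisions(VERDICTS))
    print("correlated:", correlated_decisions(VERDICTS))
```

No single engine reaches the threshold, so the standalone decision blocks nothing, while the correlated score for the first flow is 0.91 and it is blocked.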

Another important aspect of UTM systems is the wide variety of detection and prevention capabilities that they support. As previously mentioned, UTM is a layered defense in a single product. UTM can detect many different types of attacks, so it is the equivalent of several separate products in terms of its security capabilities. And as discussed above, with thorough integration, a UTM can provide detection and prevention functions greater than the sum of its parts.

About the author

Karen Scarfone is the principal consultant for Scarfone Cybersecurity in Clifton, Virginia. She provides cybersecurity publication consulting services, specializing in network and system security guidelines. Scarfone was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST), where she oversaw the development of system and network security publications for federal civilian agencies and the public.
